JSP tag for creating URLs. Modeled after the JSTL c:url tag with backwards
compatibility in mind.

Enhancements to the JSTL functionality include:

URL encoded template URI variables

HTML/XML escaping of URLs

JavaScript escaping of URLs

Template URI variables are indicated in the 'value'
attribute and marked by braces '{variableName}'. The braces and attribute name are
replaced by the URL encoded value of a parameter defined with the spring:param tag
in the body of the url tag. If no parameter is available the literal value is
passed through. Params matched to template variables will not be added to the query
string.

Use of the spring:param tag for URI template variables is strongly recommended
over direct EL substitution as the values are URL encoded. Failure to properly
encode URL can leave an application vulnerable to XSS and other injection attacks.

URLs can be HTML/XML escaped by setting the 'htmlEscape' attribute to 'true'. Detects an HTML escaping setting, either on
this tag instance, the page level, or the web.xml level. The default
is 'false'. When setting the URL value into a variable, escaping is not recommended.